Google Chrome is one of the popular web browser that’s attracting more and more people everyday. There are many users who are still not clear the way Google Chrome functionalities work and Hackers are taking advantage of that. In the recent attack targeting Google Chrome users, Hackers are sending out an unsolicited e-mail which announces that a new extension of their favorite browser has been developed to facilitate their access to documents from e-mails. An apparently unsuspicious link is provided in provided in the email and the recipients are advised to follow it in order to download the new extension. Once they click the link they are redirected to a look-alike of the Google Chrome Extensions page, which provides them with a fake application that infects their systems with malware.

If you are a Google Chrome user then do read the mail carefully before you click any link. If you are still suspicious but wanted to install the extension better give a search on Google which would take you to a safe page if the extension really exists. Coming to the Google Chrome Malware Extension attack, although the sham application has the same description as that of an original Google Chrome Extension, the first sign the more inquisitive users will get about it not being what they were looking for should be the fact that instead of the expected “.crx” extension, it features a flamboyant “.exe” tail.

BitDefender identified the malware as Trojan.Agent.20577 and the application modifies the Windows HOSTS file in an attempt to block access to Google and Yahoo webpages. Every time users want to access them and write “google.[xxx]” or “[xx].search.yahoo.com” in the web browser, they will be redirected to another IP: 89.149.xxx.xxx . This allows the malware creators to intercept the victims’ calls to reach the respective sites. In this way, the credulous users will be redirected to the cybercriminals’ own malware-laden versions of those sites. So be careful the next time before you click any link to install a Google Chrome Extension.